A vulnerability in the handling of Secure Shell (SSH) TCP packets in the Cisco Integrated Services Routers (ISR) models 800, 819, and 829, could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory on the device.
The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on an SSH connection to the device. An attacker could exploit this vulnerability by connecting via SSH to the device and then crafting TCP packets which are out of order or have invalid flags. An exploit could allow the attacker to cause the device to report low-memory warnings which could in turn cause a partial DoS condition.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.